Hi,
my two cents regarding the ID-Discussion here:
A pairwise-ID or targeted ID always means a one-to-one relationship between SP and IdP. But thinking of scientists with multiple affiliations, working groups with scholars from different institutions, the special information services here in Germany or the situation of national libraries like we are - more often we have a situation where a patron gets entitlements for services (Publishers, CRIS-Repositories, other services) from different providers. Usually, this comes with kind of a group- or access-management provided by one institution for other institutions. As I understood, the AARC-Blueprint also addresses things like that.
As we know from our own experience, the group membership can't always expressed in the eduPersonEntitlement as expressed in 5.c.iv of the guidelines by the home organization because they often don't know about special memberships of their users. In our case (and not to brake the SSO) we are using eduPersonUniqueId to identify users on multiple SPs.
So I'm not with way #2 from Peter S. because IMHO FIM it's not only and always for personalisation on a publishers site - it may also be used for access management for other (library) services. Therefore, my favourite would be Peter's #4, although it may be difficult to implement. A library should not patronize their patrons and so shouldn't we with these recommondations.
Best,
Gerrit
-- Gerrit Gragert, M.A. Ltg. IT-Services fuer die Digitale Bibliothek Abt. IDM 2.3
Staatsbibliothek zu Berlin - Preußischer Kulturbesitz Potsdamer Str. 33 10785 Berlin
Tel.: +49 30 266-43 22 30 Fax: +49 30 266-33 20 01 gerrit.gragert@sbb.spk-berlin.de www.staatsbibliothek-berlin.de